My domain is: michiganpistol.com
I’m using a control panel to manage my site: Plesk Onyx Version 17.8.11 Update #16
I received the following error with Web Application Firewall (ModSecurity) turned On…
17293822571250189533 66.133.109.36:58902 80 127.0.0.1 80
--23480000-B--
GET /.well-known/acme-challenge/nLhqlYmsng2vJZ8DczTkdvWoYOKsglUI1HUq_ULDcTk HTTP/1.1
Connection: close
Accept: */*
Accept-Encoding: gzip
Host: michiganpistol.com
User-Agent: Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)
--23480000-F--
HTTP/1.1 500 Internal Server Error
--23480000-H--
Message: Access denied with code 403 (phase 1). RBL lookup of 36.109.133.66.xbl.spamhaus.org succeeded at REMOTE_ADDR (Illegal 3rd party exploits). [file "C:/Program Files (x86)/Plesk/ModSecurity/rules/tortix/modsec/00_asl_rbl.conf"] [line "51"] [id "350000"] [rev "2"] [msg "Global RBL Match: IP is on the xbl.spamhaus.org Blacklist (Report False Positives to www.spamhaus.org)"] [severity "ERROR"]
Action: Intercepted (phase 1)
Apache-Handler: IIS
Stopwatch: 1533925384790549 8562509 (- - -)
Stopwatch2: 1533925384790549 8562509; combined=17078089, p1=15639, p2=0, p3=0, p4=0, p5=8531225, sr=0, sw=0, l=0, gc=8531225
Producer: ModSecurity for IIS (STABLE)/2.9.1 (http://www.modsecurity.org/); 201404231529.
Server: ModSecurity Standalone
Engine-Mode: "ENABLED"
--23480000-Z--
--aa090000-A--
My concern is over: RBL lookup of 36.109.133.66.xbl.spamhaus.org succeeded at REMOTE_ADDR (Illegal 3rd party exploits). [file "C:/Program Files (x86)/Plesk/ModSecurity/rules/tortix/modsec/00_asl_rbl.conf"] [line "51"] [id "350000"] [rev "2"] [msg "Global RBL Match: IP is on the xbl.spamhaus.org Blacklist (Report False Positives to www.spamhaus.org)"] [severity "ERROR"]
Action: Intercepted (phase 1)
https://www.spamhaus.org/query/ip/66.133.109.36 – 66.133.109.36 is listed in the XBL
https://www.abuseat.org/lookup.cgi?ip=66.133.109.36 – This IP address is infected with, or is NATting for a machine infected with the Conficker malicious botnet.
Disabling ModSecurity rule allows the SSL to be renewed successfully.
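An added example, not part of the original post: a small Python triage script that reads one ModSecurity audit-log entry like the one above and reports whether an ACME HTTP-01 validation request was intercepted by an RBL rule, checking that the DNSBL name in the message is the client IP with its octets reversed. The function names and the sample (abridged from the post, with a placeholder token and a restored A-section boundary) are assumptions made for the illustration.

```python
import re

ACME_PREFIX = "/.well-known/acme-challenge/"

# Constructed sample: the entry from the post, abridged, with the opening
# "--id-A--" boundary restored and a placeholder token in the URI.
SAMPLE = """--23480000-A--
17293822571250189533 66.133.109.36:58902 80 127.0.0.1 80
--23480000-B--
GET /.well-known/acme-challenge/EXAMPLE_TOKEN HTTP/1.1
Host: michiganpistol.com
--23480000-H--
Message: Access denied with code 403 (phase 1). RBL lookup of 36.109.133.66.xbl.spamhaus.org succeeded at REMOTE_ADDR (Illegal 3rd party exploits). [file "C:/Program Files (x86)/Plesk/ModSecurity/rules/tortix/modsec/00_asl_rbl.conf"] [line "51"] [id "350000"] [rev "2"] [severity "ERROR"]
Action: Intercepted (phase 1)
--23480000-Z--
"""

def split_sections(entry):
    """Map section letter -> text for one audit-log entry."""
    sections, current = {}, None
    for line in entry.splitlines():
        m = re.fullmatch(r"--[0-9a-fA-F]+-([A-Z])--", line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current:
            sections[current].append(line)
    return {k: "\n".join(v) for k, v in sections.items()}

def rbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def acme_rbl_block(entry):
    """Details of an ACME HTTP-01 request intercepted by an RBL rule, else None."""
    s = split_sections(entry)
    a, b, h = (s.get(k, "") for k in "ABH")
    ip = re.search(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b", a)    # client address
    req = re.match(r"(\S+) (\S+) HTTP/", b)                # request line
    hit = re.search(r"RBL lookup of (\S+) succeeded", h)   # DNSBL name queried
    rule = re.search(r'\[id "(\d+)"\]', h)                 # rule that fired
    if not (ip and req and hit and rule and "Action: Intercepted" in h):
        return None
    if not req.group(2).startswith(ACME_PREFIX):
        return None
    zone = hit.group(1).split(".", 4)[4]                   # drop the 4 octets
    return {"client_ip": ip.group(1), "rule_id": rule.group(1), "zone": zone,
            "lookup_matches_client": hit.group(1) == rbl_name(ip.group(1), zone)}

print(acme_rbl_block(SAMPLE))
```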